Merge "[Docs] Recommendations for firewalld"

2017-06-23 19:59:09 +00:00 · 2017-06-23 19:59:09 +00:00 · 2a39ff0bb3
commit 2a39ff0bb3
parent 8243a80e48 46ccb91841
1 changed files with 17 additions and 0 deletions
--- a/deploy-guide/source/deploymenthost.rst
+++ b/deploy-guide/source/deploymenthost.rst
@ -85,6 +85,23 @@ Before you begin, we recommend upgrading your system packages and kernel.

 #. Configure NTP to synchronize with a suitable time source.

+#. The ``firewalld`` service is enabled on most CentOS systems by default and
+   its default ruleset prevents OpenStack components from communicating
+   properly. Stop the ``firewalld`` service and mask it to prevent it from
+   starting:
+
+   .. code-block:: shell-session
+
+       # systemctl stop firewalld
+       # systemctl mask firewalld
+
+.. note::
+
+    There is `future work planned <https://bugs.launchpad.net/openstack-ansible/+bug/1657518>`_
+    to create proper firewall rules for OpenStack services in OpenStack-Ansible
+    deployments. Until that work is complete, deployers must maintain their
+    own firewall rulesets or disable the firewall entirely.
+
 Configure the network
 ~~~~~~~~~~~~~~~~~~~~~